<?php

//包含公共文件
include '../../common/common.php';

//接收post传值
// var_dump($_POST);
$uname = trim($_POST['username']);
$pwd     = trim($_POST['pwd']);
$yzm     = trim($_POST['Lverify']);

//打印
// var_dump($uname);
// var_dump($pwd);
// var_dump($yzm);

//查询数据库,包括伪删除
$res = mySelect($link , '*' , DB_TABLE_USER , "where username = '$uname' and uisdel=0");
//var_dump($res);

//判断用户是否已被删除
if (!$res) {

	exit('当前用户不存在,如有疑问,请联系管理员<br /> <a href="'  . $_SERVER['HTTP_REFERER'] .'">返回上一页</a>');
}


//获取数据库数据
$uid           = $res[0]['uid'];
$resName  = $res[0]['username'];
$resPwd     = $res[0]['password'];
$afterLogin = $res[0]['afterlogin'];
$allowLogin = $res[0]['allowlogin'];
$bcount       = $res[0]['bcount'];
$grade        = $res[0]['grade'];
$userType   = $res[0]['usertype'];

//打印
// var_dump($uid);          
// var_dump($resName);
// var_dump($resPwd);
// var_dump($afterLogin);
// var_dump($allowLogin);
// var_dump($bcount);
// var_dump($grade);
//var_dump($userType);


//获取当前 IP
$ip1 = $_SERVER['REMOTE_ADDR'];
//判断是否在ipv6格式下的ip地址
if ($ip1 == '::1') {

 	$ip1 = '127.0.0.1';
}

$ip = ip2long($ip1);

// var_dump($ip1);
// var_dump($ip);

//查询数据库, 判断IP是否被禁止	
$resIp = mySelect($link , '*' , DB_TABLE_BIP , "where ip = $ip");
$overTime = $resIp[0]['overtime'];
$isAlways = $resIp[0]['isalways'];
//var_dump($resIp);
//var_dump($resIp);

//判断是否永久锁定IP
if ($isAlways == 1) {

	exit('此 IP 被永久锁定<br /> <a href="'  . $_SERVER['HTTP_REFERER'] .'">返回上一页</a>');
}

//判断IP锁定时间是否到期
if ($overTime > time()) {
	
	$time  = ceil(($overTime - time()) / 60);
	exit('此 IP 已被被锁定,还有 '. $time .' 分钟到期<br /> <a href="'  . $_SERVER['HTTP_REFERER'] .'">返回上一页</a>');
}

//判断用户名是否存在
if (!$res) {

	exit('该用户名不存在,请先注册<br /> <a href="'  . $_SERVER['HTTP_REFERER'] .'">返回上一页</a>');
}

//判断是否允许登录
if ($allowLogin == 1) {

	exit('您的账号已被锁定,无法登录<br /> <a href="'  . $_SERVER['HTTP_REFERER'] .'">返回上一页</a>');
}

//判断密码是否正确, 错误时错误次数 + 1,达到5次时,锁定用户,并更新数据库数据
if (md5($pwd) !== $resPwd) {

	//当错误次数达到5次时,锁定用户,并更新数据库数据
	if  ($bcount >= 5) {

		$allowLogin = 1;
		$data2 = ['allowlogin' => $allowLogin];
		$pwdErr2 = myUpdate($link , DB_TABLE_USER , $data2 ,  " username = '$uname'");
		// var_dump($pwdErr2);

		exit('您的账号已被锁定<br /> <a href="'  . $_SERVER['HTTP_REFERER'] .'">返回上一页</a>');

	}

	//密码错误次数 +1, 并更新数据库
	$bcount++; 

	$data1 = ['bcount' => $bcount];
	//var_dump($data1);
	$pwdErr1 = myUpdate($link , DB_TABLE_USER , $data1 ,  "username = '$uname'");
	// var_dump($pwdErr1);

	exit('第 '. $bcount .'次密码错误<a href="' .$_SERVER['HTTP_REFERER'] .'">返回上一页</a>') ;


}


//比较验证码
if ($yzm !== $_SESSION['verify']) {

	exit('验证码错误<a href="' . $_SERVER['HTTP_REFERER'] . '">返回上一页</a>');
}

//加积分,并获取响应的等级数
$grade2 = $grade + 10; 
$grade3 = myLevel($grade2); 
$levName = $grade3[1];
$border    = $grade3[2];
// var_dump($grade3);
// var_dump($levName);
// var_dump($border);

//更改登录状态
$afterLogin = 1 ;

//更新数据库数据
$data3 = [
	'afterlogin'  => $afterLogin,
	'grade'	      => $grade2,
	'levname'   => "$levName"
];
$resLogin  = myUpdate($link , DB_TABLE_USER , $data3 , " username = '$uname'");
//var_dump($resLogin);



//记录cookie ,生命周期为0 时: cookie在浏览器打开时一直有效
setcookie('username' , $uname , 0 ,'/');
setcookie('uid' , $uid , 0 ,'/');
setcookie('afterlogin' , $afterLogin , 0 ,'/');
//var_dump($_COOKIE);

//判断是否刚升级
if ($grade < $border && $grade2 >= $border) {

	echo '亲爱的<span style="color:red; font-weight:bold;"> '. $uname .' </span>恭喜您升级到<span style="color:red; font-weight:bold;"> ' . $levName . ' </span><br /> 登录成功';
} else {

	echo '亲爱的<span style="color:red; font-weight:bold;"> '. $uname .' </span>,恭喜您登录成功 , 积分 +10';

}


//页面跳转
header('refresh:1; url=' . $webSite . 'index.php');

